Identity Metasystem in Location Based Persistent Authentication - - PowerPoint PPT Presentation

SLIDE 1

Identity Metasystem in Location Based Persistent Authentication

Hasan Ibne Akram
M.Sc. Computer Science
Fraunhofer Institute for Secure Information Technology, Munich, Germany
Munich University of Technology, Munich, Germany

EuroCAT 2009 European Workshop on Combining Context with Trust, Security and Privacy, 9 September 2009, Pisa, Italy

SLIDE 2

Outline

  • Motivation
  • Introduction to PAISE
  • Privacy Principles for Smart Environments
  • Identity Metasystem
  • Identity Metasystem Technologies
    – OpenID
    – Windows CardSpace
    – Higgins
  • Proposed Architecture
  • Evaluation
  • Conclusion & Future Outlook

SLIDE 3

Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram EuroCAT 2009 European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy


Motivation

  • Authentication in a smart environment is traditionally device centric
  • If the device is stolen, there is a good chance of your identity being stolen
  • The user can be impersonated
  • Traditional Location Tracking Systems (LTS), e.g., RFID, GPS etc., have been criticized by privacy proponents
  • LTS inherently lack privacy principles
SLIDE 4

Introduction to PAISE

  • A shift from the device tracking paradigm to the person tracking paradigm
  • Person tracking using "Time-of-Flight" (TOF) cameras

SLIDE 5

Privacy Principles for Smart Environments

  • Notice
  • Choice and Consent
  • Anonymity and Pseudonymity
  • Proximity and Locality

SLIDE 6

Identity Metasystem

Federated Identity

The 3 players of a federation:

  • Identity Provider
  • Relying Party
  • Subject/User

SLIDE 7

Identity Metasystem

[Figure: the identity metasystem as an abstraction layer over existing identity technologies, shown as three layered stacks side by side]

  • C Compiler over Assembly
  • Identity Metasystem over X.509, Kerberos, SAML
  • TCP/IP over Token Ring, Ethernet, 802.11

Source: http://www.identityblog.com/stories/2005/07/05/IdentityMetasystem.htm

SLIDE 8

Identity Metasystem Technologies – OpenID

  • Objective: Reduce username and password
  • Protocol was developed in 2005
  • Main Features of OpenID
    – Light Weight Identity
    – Decentralized
    – Single-Sign-On
  • “OpenID is a free and easy way to use a single digital identity across the Internet.” [ http://openid.net/ ]

SLIDE 9

Identity Metasystem Technologies – Windows CardSpace

  • Windows CardSpace is client software from Microsoft that provides a visual metaphor for an identity selector for the end-user.
  • Windows CardSpace gives end-users control over which information (about the end-users) reaches the Relying Party and which does not.
  • It is shipped with Windows Vista (or as an add-on for Windows XP); it is not meant to replace the other standards handling digital identity but rather to utilize and extend them.
  • CardSpace is token agnostic, i.e. it supports any token type, e.g. SAML, OpenID, Kerberos or a custom token type.
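The three-player federation of slide 6, the user-controlled release of claims described for CardSpace above, and the pseudonymity principle of slide 5 can be put together in a small simulation. The following is an added example, not code from the slides or from any of the products named on them: a hypothetical Identity Provider issues a token to a named Relying Party containing only the claims the RP requested and the user consented to, under a pairwise pseudonym, and the RP verifies signature, audience and validity window before trusting it. The user directory, RP identifiers and keys are constructed, and the IdP signs with an HMAC key shared per RP as a stand-in for the asymmetric signatures real token formats use.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed sample data for the demonstration (not from any real deployment).
USER_DIRECTORY = {
    "alice": {
        "name": "Alice Example",
        "email": "alice@example.invalid",
        "age_over_18": True,
        "building": "Campus B",
    },
}
# Assumption: one secret key per Relying Party, shared out of band with the Identity
# Provider, so the IdP signs tokens with HMAC instead of an asymmetric signature.
RP_KEYS = {"door-b2": b"constructed-key-door-b2", "printer-3": b"constructed-key-printer-3"}
# Assumption: an IdP-only secret used to derive per-RP pseudonyms.
IDP_PSEUDONYM_SALT = b"constructed-idp-pseudonym-salt"


def pairwise_pseudonym(user: str, rp_id: str) -> str:
    """Pseudonymity: each RP sees a different opaque subject id, so two RPs cannot
    link their records of the same user by identifier alone."""
    material = IDP_PSEUDONYM_SALT + user.encode() + b"|" + rp_id.encode()
    return hashlib.sha256(material).hexdigest()[:16]


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, rp_id, requested, consented, now=None, ttl=60):
    """Identity Provider: mint a token for one RP containing only the claims that
    the RP asked for AND the user agreed to release (choice and consent)."""
    if user not in USER_DIRECTORY or rp_id not in RP_KEYS:
        raise ValueError("unknown user or relying party")
    attributes = USER_DIRECTORY[user]
    released = {c: attributes[c] for c in requested if c in consented and c in attributes}
    now = time.time() if now is None else now
    payload = {
        "sub": pairwise_pseudonym(user, rp_id),
        "aud": rp_id,          # bound to one RP: a token for the door is useless at the printer
        "iat": now,
        "exp": now + ttl,      # short lifetime limits replay of a captured token
        "claims": released,
    }
    body = json.dumps(payload, sort_keys=True).encode()
    sig = hmac.new(RP_KEYS[rp_id], body, hashlib.sha256).digest()
    return b64(body) + "." + b64(sig)


def verify_token(token, rp_id, now=None):
    """Relying Party: accept the token only if the signature, audience and validity
    window all check out. Returns the payload dict, or None on any failure."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = unb64(body_b64), unb64(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(RP_KEYS[rp_id], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    now = time.time() if now is None else now
    try:
        payload = json.loads(body)
        in_window = payload["iat"] <= now < payload["exp"]
    except (ValueError, KeyError, TypeError):
        return None
    if payload.get("aud") != rp_id or not in_window:
        return None
    return payload


def alter_claim(token, claim, value):
    """Re-encode the body with one claim changed but keep the original signature.
    Used only to show that the RP rejects a token modified after issuance."""
    body_b64, sig_b64 = token.split(".")
    payload = json.loads(unb64(body_b64))
    payload["claims"][claim] = value
    return b64(json.dumps(payload, sort_keys=True).encode()) + "." + sig_b64


if __name__ == "__main__":
    # The door only needs to know the user is an adult on campus; the user declines to release email.
    tok = issue_token("alice", "door-b2", ["age_over_18", "building", "email"],
                      consented={"age_over_18", "building"}, now=1000)
    print(verify_token(tok, "door-b2", now=1010))
    print(verify_token(tok, "printer-3", now=1010))   # wrong audience/key -> None
    print(verify_token(tok, "door-b2", now=2000))     # expired -> None
```

The point for the privacy principles is in `issue_token`: the RP's request, the user's consent and the IdP's directory are intersected, so an attribute the user did not agree to release never leaves the IdP, and the `sub` value differs per RP so the door and the printer cannot correlate the same person by identifier. The `aud` and `exp` checks in `verify_token` keep a token captured at one RP from being presented at another or replayed later.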

SLIDE 10

Identity Metasystem Technologies – Higgins

  • An open source identity framework being developed at the Eclipse Foundation.
  • Higgins is a software infrastructure that supports a consistent user experience across digital identity protocols, e.g. WS-Trust, OpenID, SAML, XDI, LDAP etc.
  • The main objective of the Higgins project is to manage multiple contexts, provide interoperability, and define common interfaces for an identity system.
  • Various technologies including LDAP, SAML, WS-*, OpenID etc. can be plugged into the Higgins framework.
SLIDE 11

Identity Metasystem Technologies – Evaluation w.r.t. the Privacy Principles

SLIDE 12

Proposed Architecture

SLIDE 13

Evaluation

  • 1. Notice
  • 2. Choice and Consent
  • 3. Anonymity and Pseudonymity
  • 4. Proximity and Locality

SLIDE 14

Conclusion & Future Outlook

  • Implementation of the architecture
  • Proof of Concept
  • Combining the Architecture with ProtectServe of the Kantara Initiative Work Group – User Managed Access (UMA)
    – ProtectServe Specification
      • 4 Legged Scenario – User, IdP (the resource provider), RP (the consumer) and an Authorization Manager (AM)
      • Identity Dashboard
      • Web link: http://kantarainitiative.org/confluence/display/uma/Home
SLIDE 15

Thank you for paying attention. Questions? Contact: hasan.akram@sit.fraunhofer.de